PurpleI2P/i2pd
1
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-08-26 17:01:49 +00:00
Code Issues Releases Activity

don't verify signature for close and reset packets if came from ECIESx25519 session

Browse Source
This commit is contained in:
orignal 2025-08-06 10:50:10 -04:00
parent f5b57283b3
commit aca5f35fa0
1 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
libi2pd/Streaming.cpp
View File

@ -461,9 +461,10 @@ namespace stream
optionData += 2; optionData += 2;
} }
bool sessionVerified = false; bool verified = true;
if (flags & PACKET_FLAG_FROM_INCLUDED) if (flags & PACKET_FLAG_FROM_INCLUDED)
{ {
verified = false;
if (m_RemoteLeaseSet) m_RemoteIdentity = m_RemoteLeaseSet->GetIdentity (); if (m_RemoteLeaseSet) m_RemoteIdentity = m_RemoteLeaseSet->GetIdentity ();
if (!m_RemoteIdentity) if (!m_RemoteIdentity)
m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, optionSize); m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, optionSize);
@ -490,7 +491,7 @@ namespace stream
m_RemoteIdentity->GetIdentHash ().ToBase32 ()); m_RemoteIdentity->GetIdentHash ().ToBase32 ());
return false; return false;
} }
sessionVerified = true; verified = true;
if (!(flags & PACKET_FLAG_SIGNATURE_INCLUDED)) if (!(flags & PACKET_FLAG_SIGNATURE_INCLUDED))
m_DontSign = true; // don't sign if the remote didn't sign m_DontSign = true; // don't sign if the remote didn't sign
} }
@ -503,6 +504,27 @@ namespace stream
optionData += 2; optionData += 2;
} }
if (flags & (PACKET_FLAG_CLOSE | PACKET_FLAG_RESET))
{
verified = false;
if (packet->from && !m_RemoteLeaseSet && m_RemoteIdentity)
m_RemoteLeaseSet = m_LocalDestination.GetOwner ()->FindLeaseSet (m_RemoteIdentity->GetIdentHash ());
if (m_RemoteLeaseSet)
{
uint8_t staticKey[32];
m_RemoteLeaseSet->Encrypt (nullptr, staticKey);
if (memcmp (packet->from->GetRemoteStaticKey (), staticKey, 32))
{
LogPrint (eLogError, "Streaming: Remote LeaseSet static key mismatch for stream from ",
m_RemoteIdentity->GetIdentHash ().ToBase32 ());
return false;
}
verified = true;
}
else // invalid stream, safe to close
verified = true;
}
if (flags & PACKET_FLAG_OFFLINE_SIGNATURE) if (flags & PACKET_FLAG_OFFLINE_SIGNATURE)
{ {
if (!m_RemoteIdentity) if (!m_RemoteIdentity)
@ -510,7 +532,7 @@ namespace stream
LogPrint (eLogInfo, "Streaming: offline signature without identity"); LogPrint (eLogInfo, "Streaming: offline signature without identity");
return false; return false;
} }
if (sessionVerified) if (verified)
{ {
// skip offline signature // skip offline signature
optionData += 4; // timestamp optionData += 4; // timestamp
@ -558,7 +580,6 @@ namespace stream
LogPrint (eLogError, "Streaming: Signature too big, ", signatureLen, " bytes"); LogPrint (eLogError, "Streaming: Signature too big, ", signatureLen, " bytes");
return false; return false;
} }
bool verified = sessionVerified;
if (!verified) // packet was not verified through session if (!verified) // packet was not verified through session
{ {
// verify actual signature // verify actual signature
@ -593,6 +614,11 @@ namespace stream
return false; return false;
} }
} }
if (!verified)
{
LogPrint (eLogError, "Streaming: Missing signature, sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
return false;
}
if (immediateAckRequested) if (immediateAckRequested)
SendQuickAck (); SendQuickAck ();
return true; return true;